author | Ruurd Beerstra <ruurd.beerstra@infor.com> | 2020-06-11 17:14:43 +0200 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2020-06-16 09:06:19 +0200 |
commit | d80d419d3e3bf0e5f0dea160df5609c57cb3c5df (patch) | |
tree | 103835ad95ff8c5ef1d4c6d72032fe548dde22c9 | |
parent | e15e51384a423be31318b3c9c7d612a1aae661fd (diff) | |
download | curl-d80d419d3e3bf0e5f0dea160df5609c57cb3c5df.tar.gz |
ntlm: enable NTLM support with wolfSSL
When wolfSSL is built with its OpenSSL API layer, it features the same DES*
functions that OpenSSL has. This change takes advantage of that.
Co-authored-by: Daniel Stenberg
Closes #5556
Fixes #5548
-rw-r--r-- | lib/curl_ntlm_core.c | 17 | ||||
-rw-r--r-- | lib/curl_ntlm_core.h | 6 | ||||
-rw-r--r-- | lib/curl_setup.h | 9 | ||||
-rw-r--r-- | lib/vauth/ntlm.c | 5 | ||||
-rw-r--r-- | lib/vtls/vtls.h | 6 |
5 files changed, 24 insertions, 19 deletions
diff --git a/lib/curl_ntlm_core.c b/lib/curl_ntlm_core.c index 32e29a933..0eefb1587 100644 --- a/lib/curl_ntlm_core.c +++ b/lib/curl_ntlm_core.c @@ -52,13 +52,18 @@ #if !defined(USE_WINDOWS_SSPI) || defined(USE_WIN32_CRYPTO) -#ifdef USE_OPENSSL +#if defined(USE_OPENSSL) || defined(USE_WOLFSSL) + +#ifdef USE_WOLFSSL +#include <wolfssl/options.h> +#endif # include <openssl/des.h> # include <openssl/md5.h> # include <openssl/ssl.h> # include <openssl/rand.h> -# if (OPENSSL_VERSION_NUMBER < 0x00907001L) +# if (defined(OPENSSL_VERSION_NUMBER) && \ + (OPENSSL_VERSION_NUMBER < 0x00907001L)) && !defined(USE_WOLFSSL) # define DES_key_schedule des_key_schedule # define DES_cblock des_cblock # define DES_set_odd_parity des_set_odd_parity @@ -78,14 +83,12 @@ #elif defined(USE_GNUTLS) # include <gcrypt.h> -# define MD5_DIGEST_LENGTH 16 #elif defined(USE_NSS) # include <nss.h> # include <pk11pub.h> # include <hasht.h> -# define MD5_DIGEST_LENGTH MD5_LENGTH #elif defined(USE_MBEDTLS) @@ -138,7 +141,7 @@ static void extend_key_56_to_64(const unsigned char *key_56, char *key) key[7] = (unsigned char) ((key_56[6] << 1) & 0xFF); } -#ifdef USE_OPENSSL +#if defined(USE_OPENSSL) || defined(USE_WOLFSSL) /* * Turns a 56 bit key into the 64 bit, odd parity key and sets the key. The * key schedule ks is also set. @@ -387,7 +390,7 @@ void Curl_ntlm_core_lm_resp(const unsigned char *keys, const unsigned char *plaintext, unsigned char *results) { -#ifdef USE_OPENSSL +#if defined(USE_OPENSSL) || defined(USE_WOLFSSL) DES_key_schedule ks; setup_des_key(keys, DESKEY(ks)); @@ -462,7 +465,7 @@ CURLcode Curl_ntlm_core_mk_lm_hash(struct Curl_easy *data, { /* Create LanManager hashed password. */ -#ifdef USE_OPENSSL +#if defined(USE_OPENSSL) || defined(USE_WOLFSSL) DES_key_schedule ks; setup_des_key(pw, DESKEY(ks)); diff --git a/lib/curl_ntlm_core.h b/lib/curl_ntlm_core.h index e1643d627..7895b6470 100644 --- a/lib/curl_ntlm_core.h +++ b/lib/curl_ntlm_core.h 
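Review bot: In the first hunk of lib/curl_ntlm_core.c the wolfSSL build still reaches the DES and MD5 declarations through `<openssl/des.h>`, `<openssl/md5.h>`, `<openssl/ssl.h>` and `<openssl/rand.h>`, so which headers are actually used depends on include-path order. On a host that also has real OpenSSL headers installed, the compiler could presumably pick those up while the link goes against wolfSSL, leaving the NTLM DES code built against the wrong declarations. Consider naming the compatibility headers explicitly under USE_WOLFSSL, e.g. `# include <wolfssl/openssl/des.h>`, and doing the same for the `<openssl/ssl.h>` include this commit adds in lib/curl_ntlm_core.h. A one-line comment such as `/* wolfSSL's OpenSSL compatibility layer provides the DES_* API used below */` above the include would also explain why the OpenSSL branch is shared.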
@@ -29,6 +29,7 @@ /* If NSS is the first available SSL backend (see order in curl_ntlm_core.c) then it must be initialized to be used by NTLM. */ #if !defined(USE_OPENSSL) && \ + !defined(USE_WOLFSSL) && \ !defined(USE_GNUTLS_NETTLE) && \ !defined(USE_GNUTLS) && \ defined(USE_NSS) @@ -37,7 +38,10 @@ #if !defined(USE_WINDOWS_SSPI) || defined(USE_WIN32_CRYPTO) -#ifdef USE_OPENSSL +#if defined(USE_OPENSSL) || defined(USE_WOLFSSL) +#ifdef USE_WOLFSSL +# include <wolfssl/options.h> +#endif # include <openssl/ssl.h> #endif diff --git a/lib/curl_setup.h b/lib/curl_setup.h index a86a235b3..82b962b89 100644 --- a/lib/curl_setup.h +++ b/lib/curl_setup.h @@ -633,10 +633,11 @@ int netware_init(void); /* Single point where USE_NTLM definition might be defined */ #if !defined(CURL_DISABLE_NTLM) && !defined(CURL_DISABLE_CRYPTO_AUTH) -#if defined(USE_OPENSSL) || defined(USE_WINDOWS_SSPI) || \ - defined(USE_GNUTLS) || defined(USE_NSS) || defined(USE_SECTRANSP) || \ - defined(USE_OS400CRYPTO) || defined(USE_WIN32_CRYPTO) || \ - defined(USE_MBEDTLS) +#if defined(USE_OPENSSL) || defined(USE_WINDOWS_SSPI) || \ + defined(USE_GNUTLS) || defined(USE_NSS) || defined(USE_SECTRANSP) || \ + defined(USE_OS400CRYPTO) || defined(USE_WIN32_CRYPTO) || \ + defined(USE_MBEDTLS) || \ + (defined(USE_WOLFSSL) && defined(HAVE_WOLFSSL_DES_SET_ODD_PARITY)) #define USE_NTLM diff --git a/lib/vauth/ntlm.c b/lib/vauth/ntlm.c index 8f9103806..3b46e1a46 100644 --- a/lib/vauth/ntlm.c +++ b/lib/vauth/ntlm.c 
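Review bot: `HAVE_WOLFSSL_DES_SET_ODD_PARITY` in the lib/curl_setup.h hunk is not defined by any of the five files this commit touches, so it presumably comes from a configure-time check; a build that does not run that check would silently produce a wolfSSL curl without NTLM. Because this condition switches on an authentication scheme built on DES and MD5 for a backend that did not offer it before, it deserves a comment stating where the macro comes from and what it implies, e.g. `/* wolfSSL qualifies only when built with its OpenSSL API layer (DES_set_odd_parity present) */`. It would also help to note next to it that `CURL_DISABLE_NTLM` remains the switch for keeping NTLM out of a wolfSSL build.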
@@ -600,11 +600,14 @@ CURLcode Curl_auth_create_ntlm_type3_message(struct Curl_easy *data, #endif #if defined(USE_NTRESPONSES) && defined(USE_NTLM2SESSION) + +#define CURL_MD5_DIGEST_LENGTH 16 /* fixed size */ + /* We don't support NTLM2 if we don't have USE_NTRESPONSES */ if(ntlm->flags & NTLMFLAG_NEGOTIATE_NTLM_KEY) { unsigned char ntbuffer[0x18]; unsigned char tmp[0x18]; - unsigned char md5sum[MD5_DIGEST_LENGTH]; + unsigned char md5sum[CURL_MD5_DIGEST_LENGTH]; unsigned char entropy[8]; /* Need to create 8 bytes random data */ diff --git a/lib/vtls/vtls.h b/lib/vtls/vtls.h index 92f5acd9d..bcc844416 100644 --- a/lib/vtls/vtls.h +++ b/lib/vtls/vtls.h @@ -113,12 +113,6 @@ CURLcode Curl_none_md5sum(unsigned char *input, size_t inputlen, #define MAX_PINNED_PUBKEY_SIZE 1048576 /* 1MB */ #endif -#ifndef MD5_DIGEST_LENGTH -#ifndef LIBWOLFSSL_VERSION_HEX /* because WolfSSL borks this */ -#define MD5_DIGEST_LENGTH 16 /* fixed size */ -#endif -#endif - #ifndef CURL_SHA256_DIGEST_LENGTH #define CURL_SHA256_DIGEST_LENGTH 32 /* fixed size */ #endif |
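Review bot: `CURL_MD5_DIGEST_LENGTH` is defined in the middle of Curl_auth_create_ntlm_type3_message, inside the `USE_NTRESPONSES && USE_NTLM2SESSION` block, which buries a library-wide constant in one function body. lib/vtls/vtls.h already carries `CURL_SHA256_DIGEST_LENGTH` under an `#ifndef` guard, and the MD5 fallback this commit removes there could be replaced in the same spot by `#define CURL_MD5_DIGEST_LENGTH 16 /* fixed size */` with the same guard. Any other code that still depends on the removed `MD5_DIGEST_LENGTH` fallback for a non-OpenSSL backend would stop compiling; that cannot be checked from these hunks, so a tree-wide search is worth doing. The function's body starts and ends outside the hunk.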